Hello,

I am using the dgst command to sign a file, and I'm also using the -hmac
option. I then want to verify the signature by decrypting it and
checking the hash. The problem is the hash never seems to match.

For example, if I sign the string "foo" I get the hash below:

$ echo foo | openssl dgst -sha512 -hmac bar
3e45850d52569540b8c162069831869e867dc46efb753ec0dac42c7a88b14f6a56e1ce54b1b75564acf056d5faedd82f859b8bf8430a7b275704de3651f07eee

However, if I do the same thing, but sign it and then decrypt it, I
get a completely different hash

$ echo foo | openssl dgst -sha512 -hmac bar -sign priv | openssl rsautl -verify -inkey priv | openssl asn1parse -inform DER
    0:d=0  hl=2 l=  81 cons: SEQUENCE
    2:d=1  hl=2 l=  13 cons: SEQUENCE
    4:d=2  hl=2 l=   9 prim: OBJECT            :sha512
   15:d=2  hl=2 l=   0 prim: NULL
   17:d=1  hl=2 l=  64 prim: OCTET STRING      [HEX DUMP]:DEEF13827724A82A7FAA3C89F46145A41FE983380B5479A9488A9C7728557BCAF96FE2DE6A1CFFC38384F4160D446BD51E82098BDD1B55A1B1EA49B9A8B2C199

If I don't use the hmac option then the hashes are always the same.

$ echo foo | openssl dgst -sha512
0cf9180a764aba863a67b6d72f0918bc131c6772642cb2dce5a34f0a702f9470ddc2bf125c12198b1995c233c34b4afd346c54a2334c350a948a51b6e8b4e6b6

$ echo foo | openssl dgst -sha512 -sign priv | openssl rsautl -verify -inkey priv | openssl asn1parse -inform DER
    0:d=0  hl=2 l=  81 cons: SEQUENCE
    2:d=1  hl=2 l=  13 cons: SEQUENCE
    4:d=2  hl=2 l=   9 prim: OBJECT            :sha512
   15:d=2  hl=2 l=   0 prim: NULL
   17:d=1  hl=2 l=  64 prim: OCTET STRING      [HEX DUMP]:0CF9180A764ABA863A67B6D72F0918BC131C6772642CB2DCE5A34F0A702F9470DDC2BF125C12198B1995C233C34B4AFD346C54A2334C350A948A51B6E8B4E6B6

I know I could verify the signature using the -verify option of the
dgst command (which works). But the project I'm working on is unable
to use openssl for the verification part. So I need the hash that
openssl generates to be something predictable.

I'm using OpenSSL 0.9.8k 25 Mar 2009, on Linux.

Any help would be appreciated

Toby
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [email protected]
Automated List Manager                           [email protected]
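
The comparison described in the message above, done without openssl. This is an added example, not part of the original post: it takes the DigestInfo recovered from the signature and reports whether its digest equals the plain SHA-512 or the HMAC-SHA512 computed locally. The function names are hypothetical, and it assumes the message is "foo" plus the newline that echo appends and that the key is the raw bytes of "bar".

```python
import hashlib
import hmac

# DER header of a SHA-512 DigestInfo, matching the asn1parse dumps in the post:
# SEQUENCE(81) { SEQUENCE(13) { OID sha512, NULL }, OCTET STRING(64) }
SHA512_PREFIX = bytes.fromhex("3051300d060960864801650304020305000440")

# Digests copied from the two asn1parse dumps in the post.
SIGNED_PLAIN = bytes.fromhex(
    "0CF9180A764ABA863A67B6D72F0918BC131C6772642CB2DCE5A34F0A702F9470"
    "DDC2BF125C12198B1995C233C34B4AFD346C54A2334C350A948A51B6E8B4E6B6")
SIGNED_WITH_HMAC = bytes.fromhex(
    "DEEF13827724A82A7FAA3C89F46145A41FE983380B5479A9488A9C7728557BCA"
    "F96FE2DE6A1CFFC38384F4160D446BD51E82098BDD1B55A1B1EA49B9A8B2C199")

MESSAGE = b"foo\n"  # assumption: echo appends a newline to "foo"
KEY = b"bar"        # assumption: -hmac takes the key as raw bytes


def digest_from_digestinfo(der: bytes) -> bytes:
    """Return the 64-byte digest of a SHA-512 DigestInfo, or raise ValueError."""
    if len(der) != len(SHA512_PREFIX) + 64 or not der.startswith(SHA512_PREFIX):
        raise ValueError("not a SHA-512 DigestInfo")
    return der[len(SHA512_PREFIX):]


def classify(der: bytes, message: bytes, key: bytes) -> str:
    """Name the locally computed value that the signed digest matches."""
    signed = digest_from_digestinfo(der)
    if hmac.compare_digest(signed, hashlib.sha512(message).digest()):
        return "sha512"
    if hmac.compare_digest(signed, hmac.new(key, message, hashlib.sha512).digest()):
        return "hmac-sha512"
    return "neither"


if __name__ == "__main__":
    # Rebuild each DigestInfo as rsautl -verify would output it, then classify.
    for label, digest in (("-sign only", SIGNED_PLAIN),
                          ("-hmac bar -sign", SIGNED_WITH_HMAC)):
        print(label, "->", classify(SHA512_PREFIX + digest, MESSAGE, KEY))
```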
